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Background 


Uniform Driver License Act 

In 1993, the Utah Legislature passed and the Governor signed S.B. 19, Department of Public Safety 
(DPS) Reorganization, which officially designated the Uniform Driver License Act (UDLA) and 
statutorily created the Driver License Division (DLD). 1 The duties assigned in statute to DLD include 
the duty to "[establish] procedures for the storage and maintenance of [driver license] applicant 
information." 2 Applicant information may include the applicant's full legal name, birth date, 
gender, fingerprints, photograph, and proof of valid Social Security Number (SSN). This 
information is currently stored and maintained in an electronic driver license database (Database). 
The Department of Technology Services (DTS) assists DLD in operating and maintaining the 
database. 3 

Access to the Driver License Database 

Statute restricts access to Database data based on the requesting entity, the type of information 
requested, and its intended use. In general, under the Uniform Driver License Act, DLD "...may 
only disclose personal identifying information [(Pll)] when the division determines it is in the 
interest of public safety to disclose the information..." Other, non-identifying information is 
"classified and disclosed in accordance with... [the] Government Records Access and Management 
Act" (GRAMA). 4 GRAMA provides for the classification of government records as public, private, 
controlled, or protected and indicates the appropriate circumstances for disclosing each type of 
record. 

Additional provisions are made in statute for specific circumstances where DLD may disclose 
applicant information independent of the restrictions above. Entities to whom DLD is specifically 
authorized to disclose applicant information include: 

• Licensed private investigators with a legitimate business need 

• Motor vehicle insurance companies 

• Organ procurement organizations 

• Licensing authorities of other states 

• Specific departments of the Utah state government 

• U.S. Department of Defense 5 

Statute authorizing disclosure of applicant information generally specifies what information may 
be shared with a particular entity. DLD is required to share applicant information in some cases. In 
others, DLD is authorized to share applicant information but not required to do so. 


1 Laws of Utah, 1995 General Session, Ch. 333. 

2 Utah Code § 58-37f-201(2). 

3 Utah Code § 58-37f-201(3). 

4 Utah Code § 53-3-109(l)(b). 

5 Utah Code § 53. 
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Audit Objectives, Scope, Methodology, and Limitations 


This audit was conducted to review the data-sharing practices of DLD. Our audit scope included a 
review of the following data and documentation from calendar years 2017 and 2018: 

• Applicable state statutes and administrative rules 

• Applicable DTS, DPS, and DLD policies and procedures 

• Audits and risk assessments conducted by DTS, DPS, the Federal Bureau of Investigation, 
and the Office of the Legislative Auditor General 

• Memoranda of Understanding between DLD and third parties receiving applicant 
information from the Database 

In addition to our review of applicable documentation, we conducted interviews with 
management and process owners to understand and evaluate data-sharing practices. 
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Findings 


Finding 1: DLD discloses driver license information not authorized in statute 

Condition DLD may not share Pll except in the interest of public safety or as 

specifically authorized in statute. We found three relationships 
where DLD shares Pll with an external party without any statutory 
authority to do so or public safety interest. We also found three 
additional relationships where DLD is authorized to share specific Pll 
with external entities, but has chosen to share additional Pll not 
authorized in statute. 


Data Recipient 

Data Improperly Shared 

Applicable 

Statute 

Public 

Safety 

Interest 

Tax Commission 

Last four digits of license 
number, expiration date of 
license, and date of birth of 
individuals requested 

None 

No 

Utah Population 
Database 
(University of 
Utah) 

Name, date of birth, place 
of birth, SSN, address, 
mother's maiden name, 
physical characteristics of 
licensed individuals 

None 

No 

Office of State 

Debt Collection 
(OSDC) 

Name, date of birth, alias 
indicator, license number, 
address, SSN, license 
expiration dates, license 
issue dates of "individuals 
who have outstanding debt 
with the [OSDC]" 

None 

No 

Office of the 

Lieutenant 

Governor 

SSN and physical 
characteristics of licensed 

voters 

20A-2-204(3); 

20A-2-109 

No 

Department of 
Veterans and 
Military Affairs 

License number, gender, 
date of birth of licensed 

veterans 

53-3-205(16) 

No 

Intermountain 

Donor Services 

License number, date of 
birth, gender of organ 
donors; License number, 
date of birth, gender, 
names, and addresses of 
individuals 'Undecided' 
about organ donation 

53-3-205(15) 

No 
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Effect 

Increased risk that unauthorized recipients may obtain sensitive 
data. 

Recommendations 

1. DLD should stop sharing Pll and other applicant information 
not allowed by statute or where there is no public safety 
interest. 

2. DLD should disclose to applicants what Pll may be shared 
and with whom it may be shared. 

DLD's Response: 


DLD reviewed the findings of the auditor's office and respects the auditor's statutory interpretation 
regarding dissemination of Pll. DLD understands that disclosure of Pll should be limited due to the 
sensitive nature of the information. Understanding the auditor's statutory interpretation , DLD 
identifies the language in the governing statute may be interpreted in various ways. Due to the 
various legal interpretations of the statutory language , DLD recognizes the intent of the legislature 
concerning the statutory language could be clarified. Consequently, DLD will work with the 
legislature to clarify the intent of the statutory language regarding disclosure of Pll. 

Regarding the second area of concern "DLD is authorized to share specific Pll with external 
entities, but has chosen to share additional Pll not authorized in statute," DLD is reviewing the 
issues and is committed to complying with the statute regarding what data fields DLD is able to 
share in the future. 

Auditor's Concluding Remark : 

While we recognize we have differing interpretations of the same statute, we acknowledge that it 
would be beneficial for the Legislature to clarify the language in the statute. 
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Finding 2: DLD does not audit recipients of driver license information 


Condition 

DLD provided eight Memoranda of Understanding (MOU) between 
DLD and external entities with whom DLD agreed to provide Pll. In 
each case, the MOU provides guidance regarding the purpose for 
sharing the data and requires the recipient to use the data only for 
the purpose(s) outlined in the MOU. The following excerpt from 

DLD's MOU with the Utah Local Governments Trust shows a typical 
agreement: 


The driver license data will be used by the Utah Local 
Governments Trust to populate a database, which keeps 
track of the drivers that are insured by the Utah Local 
Governments Trust and employed by its insured members... 
[Database] data obtained by the Agency will only be used 
pursuant to this Agreement. Any deviation from this 
agreement may result in the loss of agency access. 


In addition to language designating appropriate usage of Database 
data, five of the eight MOUs require the data recipient to audit their 
use of Database data for appropriateness and to provide the results 
of these audits to DLD upon request. The three additional MOUs 
guarantee that DLD may audit the data recipient throughout the 
duration of their data-sharing agreement. 


At the time of this audit, DLD had not audited any of the entities 
receiving driver license applicant information, nor had they obtained 
audits performed by the entities themselves. 

Effect 

Increased risk that misuse of Database data by external entities will 
go undetected. 

Recommendation 

DLD should periodically audit the use of private Database 
information by any third parties receiving such information. 


DLD's Response : 

Each of the DLD's MOUs provide the purpose for sharing the data and also requires the recipient to 
use the data only for the purposes outlined in the MOU. DLD recognizes the value of auditing all 
recipients of its data. Currently, DLD does not have staff dedicated to nor trained in auditing 
practices as related to this issue. Consequently, DLD will make such auditing and training a priority 
as opportunities become available to request additional resources. 
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Appendix A Data Shared with External Parties 


Data Recipient 

Database data is used for the creation of the Uninsured Motorist 
Identification Database. DLD shares an applicant's license number, 
name, address, date of birth, and driver type. 

IDEMIA 

Database data is used to create driver license cards and administer 

written exams. The data shared includes all information found on 

an individual's driver license. 

Lieutenant Governor's 
Office, State of Utah 

Database data is used to register applicants to vote, to populate the 
Electronic Registration Information Center, and to compare the 
database of registered voters with the Database. Data shared 
includes name, date of birth, SSN, address, height, weight, and hair 
color. 

Utah Department of 
Workforce Services 
(DWS) 

Database data is used to verify an unemployment insurance 
claimant's identity. DLD does not share additional data with DWS, 
but simply returns a "pass" or "fail" if the driver license number and 
SSN provided by DWS match the information in the Database. 

Ogden Police 

Department 

Database data is shared with Ogden Police Department in the 
interest of public safety. DLD shares an applicant's license number, 
current address, and previous addresses. 

American Association of 

Motor Vehicle 
Administrators (AMVA) 

Database data is shared in agreement with other states to assist in 
prosecuting traffic violations across borders. Data shared includes 
name, SSN, license number, address, driving violations, and medical 
information. 

Utah Interactive (Ul) 

DLD contracts with Ul to create and maintain the driver license web 
application. All records in the Database are shared. 

Utah Local Governments 

Trust 

Utah Local Governments Trust is an insurer of local government 
agencies and receives motor vehicle records of licensed local 
government employees. Database data shared includes name, SSN, 
address, license number, and medical information. 

U.S. Department of 
Defense 

DLD sends applicant information to the Department of Defense to 
identify licensed males under 26 years of age for registration with 
the Selective Service. Name, address, gender, and date of birth are 
shared. 

Utah State Tax 

Commission 

The Tax Commission has an agreement with DLD to receive 
additional information about individuals for tax purposes. The 
Commission sends the SSNs of individuals to DLD, and if the SSNs 
appear in the Database, DLD sends back the corresponding license 
numbers, expiration dates, and dates of birth. 


Office of the State Auditor 


Page A-l 



















Utah Division of Fleet 
Management 

Fleet Management manages vehicles for the State of Utah. DLD 
shares name, dates of birth, address, license number, citations, 
department actions, and DUI arrests for all government employees. 

Statewide warrants 

In the interest of public safety, DLD shares data to update all 
warrant records in the State of Utah with known address 

information contained in the Database. 

Utah Department of 
Veterans and Military 
Affairs (UDVMA) 

Database data is shared with UDVMA to update information on 
applicants who identify themselves as veterans. Information shared 
includes license number, name, date of birth, gender, and address. 

Utah Criminal Justice 
Information System 
(UCJIS) 

UCJIS unifies data from several different sources to create a 

resource for crime enforcement in the State of Utah. UCJIS is used 
by law enforcement personnel. Upon receipt of a license/ID card 
number or SSN from law enforcement, DLD returns to UCJIS all 
fields in the Database. 

Organ Donation Services 

DLD shares Pll with organ donation services for (1) applicants who 
wish to be organ donors and (2) those who are undecided. Data 
shared includes name, license number, gender, address, and date of 
birth. 

Utah Office of Recovery 
Services 

DLD receives a file from Recovery Services with an individual's 
license number, name, SSN, and date of birth. If the SSN is found in 
the Database, DLD returns additional information about the 
applicant. 

University of Utah 

The University receives information for the creation of the Utah 
Population Database for health care research purposes. DLD shares 
names, dates of birth, addresses, height, weight, and other Pll of 
driver license applicants. 

Utah Office of State Debt 
Collection (OSDC) 

DLD shares name, date of birth, license number, address, SSN, and 
license expiration/issue date of individuals who have outstanding 
debt with the OSDC. 
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